A post-SolarWinds move away from Active Directory Federation Services to Azure AD - now known as Entra ID - didn't necessarily stop hackers from forging single sign-on authentication messages, warn security researchers from Semperis, who unveiled an attack they dub "Silver SAML."
North Korea's Lazarus hackers exploited a Windows AppLocker driver zero-day to gain kernel-level access and turn off security tools that could detect the group's bring-your-own-vulnerable-driver exploitation techniques. Microsoft fixed the bug in its February patch dump.
Officials from the U.S. Coast Guard Cyber Command told lawmakers Thursday the military branch is building out deployable teams of cybersecurity protection units and taking advantage of expanded authorities under a recent executive order to better protect Americas modern maritime infrastructure.
Ransomware group Rhysida is offering to sell "exclusive data" stolen from a Chicago children's hospital for $3.4 million on the dark web, while the hospital is still struggling to recover its IT systems, including its electronic health records and patient portal, one month after the attack.
This week, progress was made in the FTX case, a hacker testified in the Bitcoin Fog case, an Axie Infinity co-founder and a MicroStrategy account were hacked, the KyberSwap hacker moved funds, the EU has a new AMLA office, and Aleo was breached.
The U.S. presidential election is still eight months away, but the FBI is already seeing its share of cyberattacks, nation-state threats and AI-generated deepfakes. According to FBI Agent Robert K. Tripp, "We're no longer considering threats as a what-if situation; it's happening now."
This week, the Biden administration urged software developers to adopt memory-safe programming languages and moved to restrict Chinese connected cars, a pharma giant was breached, researchers found malicious repos in GitHub, the Phobos RaaS group is targeting the U.S., and Zyxel patched devices.
Okta's 90-day push to improve its security architecture and operations after a crippling October 2023 data breach delivered quick results, CEO Todd McKinnon said. Okta over the past quarter reduced credential stuffing attempts and malicious bot traffic for its largest customers by more than 90%.
Is Moscow using the Russian-speaking LockBit ransomware group as a tool to disrupt critical infrastructure and democracy in the West? While no publicly available evidence reveals direct ties, what are the chances that the prolific, trash-talking group has escaped authorities' attention - or demands?
Your supply chain is your new attack surface, according to Galit Lubetzky Sharon, the co-founder and CEO of Wing Security. She discusses Wing's solution - Secure SaaS Posture Management, or SSPM - that helps organizations ensure that all of their SaaS apps are safe and compliant.
Chinese threat actors are continuing to persist after exploiting the recent Ivanti Connect Secure VPN vulnerability even after factory resets, system upgrades and patches. The threat actor, UNC5325, is adept at "living off the land" techniques, warned threat intelligence firm Mandiant.
First-party fraudsters have shifted their focus from credit card fraud to deposit scams. In this evolving threat environment, financial institutions face new challenges from the increased use of synthetic identities and the difficulties in classifying first-party fraud, said BioCatch's Seth Ruden.
BlackCat claimed on its dark web site that it is behind the biggest healthcare hack so far the year - exfiltrating 6 terabytes of "highly selective data" relating to "all" Change Healthcare clients, including Tricare, Medicare, CVS Caremark, MetLife and more.
Russia's war of conquest against Ukraine grinds onward, but the number of self-proclaimed hacktivists appears to be dwindling as the strategy of temporarily disrupting the availability of high-profile websites has failed to sustain enthusiasm. Groups such as KillNet are still mostly a nuisance.
U.S. President Joe Biden is set to sign Wednesday an executive order aimed at preventing the large-scale transfer of Americans' sensitive personal data to countries including China. The order will set off a rule-making process spearheaded by the Department of Justice.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.com, you agree to our use of cookies.